Hi Phil,

Not sure why, but even with 0.9.2 "th" expression is not recognized.

error: syntax error, unexpected th
add rule ipv4table k8s-filter-services ip protocol . ip daddr . th dport vmap @no-endpoints-services
                                                                ^^
sbezverk@dev-ubuntu-1:mimic-filter$ sudo nft -version
nftables v0.9.2 (Scram)
sbezverk@dev-ubuntu-1:mimic-filter$

It seems 0.9.3 is out but still no Debian package. Is it possible it did not make it into 0.9.2?

Thank you
Serguei

On 2019-12-19, 5:48 AM, "n0-1@xxxxxxxxxxxxx on behalf of Phil Sutter" <n0-1@xxxxxxxxxxxxx on behalf of phil@xxxxxx> wrote:

    Hi,

    On Wed, Dec 18, 2019 at 08:58:12PM +0100, Laura Garcia wrote:
    > On Wed, Dec 18, 2019 at 8:44 PM Serguei Bezverkhi (sbezverk)
    > <sbezverk@xxxxxxxxx> wrote:
    > >
    > > Error: syntax error, unexpected th
    > >
    > > add rule ipv4table k8s-filter-services ip protocol . ip daddr . th dport vmap @no-endpoints-services
    > >                                                                 ^^
    >

    The th header expression is available since v0.9.2, you'll have to
    update nftables to use it.

    > Try this:
    >
    > ... @th dport vmap ...

    Wrong syntax.

    > or
    >
    > ... @th,16,16 vmap ...

    This not working in concatenations was one of Florian's motivations to
    implement th expression, see a43a696443a15 ("proto: add pseudo th
    protocol to match d/sport in generic way") for details. :)

    Cheers, Phil